JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
I tried to impress the attractive new engineer by casually mentioning JWTs at the daily standup, but they launched into a detailed explanation of the pros and cons of the HMAC vs RSA signing algorithms, exposing me as the poser I am.
My microservices architecture uses JWTs for authentication, which is great until the sales bros start slacking me at 2am because they're getting 401 errors again and I have to explain that copying a token from Postman doesn't mean you can use it forever.
Enterprise Integration Using REST - This article discusses the constraints and flexibility of nonpublic APIs, along with lessons learned from doing large-scale RESTful integration across multiple teams, which often involves JWT for authentication.
Consumer-Driven Contracts: A Service Evolution Pattern - This article describes the challenges in evolving a community of service providers and consumers. JWTs can be useful in implementing the "Consumer-Driven Contract" pattern it describes.
Richardson Maturity Model - A model that breaks down the principal elements of a REST approach into three steps. JWTs are commonly used for authentication in APIs that reach the higher levels of maturity in this model.
Note: the Developer Dictionary is in Beta. Please direct feedback to skye@statsig.com.